Photos present a practical privacy dilemma: Keep them stored on your phone, and they’ll hog your storage and risk being lost forever the next time your phone falls into a toilet. Stash them in the cloud, and they’re in the hands of Google, Apple, or anyone who can compel those companies to hand over your most intimate pictures. A forthcoming app called Pixek wants to offer a better option.

Pixek plans to upload your camera roll, while still letting you keep your selfies and sensitive photo evidence secret. It does so by sending photos to its own servers, while end-to-end encrypting them with a key stored only on the user’s phone.

That means it’s designed to ensure that no one other than that user can ever decrypt those pics, not even Pixek itself. And yet thanks to some semi-magical crypto tricks, Pixek still allows you to search those photos by keyword, performing image recognition on your photos before they’re uploaded and then scrambling them with a unique form of encryption that makes their contents searchable without ever exposing those contents to Pixek itself.

“My sense is that photos are this special case, where people have to use the cloud because the sentimental value is too high to risk losing them and the storage costs are too large. And they give up privacy because of it,” says Pixek developer and Brown University cryptographer Seny Kamara, who presented an alpha version of the app at the Real World Crypto conference earlier this month. But Pixek, as he describes it, offers another alternative, a full camera-to-cloud encrypted storage system. “You take the pictures on your phone with the app, they’re encrypted on the device and backed up to our servers. The keys stay on your device, and we can’t see anything.”